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Period for Reply 

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under tlie provisions of 37 CFR 1 . 1 36(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If the period for reply specified above Is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

1 )^ Responsive to communication(s) filed on 29 June 2001 . 
2a)n This action is FINAL. 2b)S This action is non-final. 

3) n Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 11, 453 O.G. 213, 

Disposition of Claims 

4) ^ Claim(s) 1-29 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) 0 Claim(s) is/are allowed. 

6) ^ Claim(s) 1-29 is/are rejected. 
?)□ Claim(s) is/are objected to. 

8) n Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) n The specification is objected to by the Examiner. 

10) S The drawing(s) filed on 29 June 2001 is/are: a)IEI accepted or b)^ objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1 .85(a). 
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 

1 1) n The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152. 

Priority under 35 U.S.C. § 119 

12) n Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f). 
a)n All b)n Some * c)^ None of: 

1 Certified copies of the priority documents have been received. 

2. n Certified copies of the priority documents have been received in Application No. . 

3. n Copies of the certified copies of the priority documents have been received in this National Stage 

application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 
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1) □ Notice of References Cited (PTO-892) 4) □ Inten/lew Summary (PTO-413) 

2) □ Notice of Draftsperson's Patent Drawing Review (PTO-948) Paper No(s)/Mail Date. . 

3) □ Infomiation Disclosure Statement(s) (PTO-1449 or PTO/SB/08) 5) □ Notice of Infomnal Patent Application (PTO-1 52) 
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Art Unit: 2133 

Detailed ACTION 



1 . Claims 1-29 are presented for examination. 



Specification 

2. Applicant is reminded of the proper language and format for an abstract of the 
disclosure. 

The abstract should be in narrative form and generally limited to a single 
paragraph on a separate sheet within the range of 50 to 1 50 words . It is important that 
the abstract not exceed 150 words in length since the space provided for the abstract 
on the computer tape used by the printer is limited. The form and legal phraseology 
often used in patent claims, such as "means" and "said," should be avoided. The 
abstract should describe the disclosure sufficiently to assist readers in deciding whether 
there is a need for consulting the full patent text for details. 

The language should be clear and concise and should not repeat information 
given in the title. It should avoid using phrases which can be implied, such as, "The 
disclosure concerns," "The disclosure defined by this invention," "The disclosure 
describes," etc. 



3. The abstract of the discloser is objected to because it is more than 150 words. 
Correction is required. 



Claim Rejections - 35 USC § 102 



4. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 
A person shall be entitled to a patent unless - 

(e) the Invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the Invention by the 
applicant for patent, except that an International application filed under the treaty defined in section 
351 (a) shall have the effects for purposes of this subsection of an application filed in the United States 
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only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 

5. Claim 1-12 and 21-29 are rejected under 35 U.S.C. 102(e) as being anticipated 
by Scott E. Fahlman et al. (US Patent NO.5,960,080). 

Regarding Claim 1 and 27 

Fahlman teaches a method (apparatus) for use in a multi-level secure 
system for sanitizing a message, said multilevel secure system including at least 
first and second security levels wherein first security level users are authorized to 
receive sensitive information that second security level users are not authorized 
to receive, said method comprising the steps of: establishing a computer-based 
sanitization tool for sanitizing messages based on predefined sanitization, rules; 
(column 4, lines 17-67 and column5 lines 1-40) using said computer-based 
sanitization tool to receive a first message from a first external system, said first 
message including said sensitive information and additional information;(column 
4 lines 20-22) first operating said computer-based sanitization tool to identify said 
sensitive information within said message (column 4 lines 28,29) and to sanitize 
said message relative to said sensitive information, thereby generating a first 
sanitized message different than said first message; (column 4 lines 42-43) and 
second operating said computer-based sanitization tool for transmission of said 
first sanitized message to a second external system, said second external 
system being associated with said second security level (column 4 lines 64-66). 
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Regarding Claim 2 

Fahlman teaches a method, wherein said step of first operating comprises 
identifying said sensitive information based on said second security level and 
protecting said sensitive information such that said sensitive information is not 
useable by said second external system, (column 4 lines 17-65). 



Regarding Claim 3 

Fahlman teaches a method, wherein said step of first operating comprises 
accessing storage including multiple rule sets, using a parameter associated with 
said second security level to select a rule set, and applying said selected rule set 
with respect to the first message to generate said first sanitized message, 
column 3, lines 35-53). 

Regarding Claim 4 

Fahlman teaches a method, wherein step of second operating comprises 
identifying third external system associated with the third security level (column 
6, lines 54-61 and fig 6 and associated text, discloses many options such as 
encryption. Examiner considers any option as another security level) operating 
said computer-based sanitization tool to generate a second sanitized message 
different than each of the said first message and said first sanitized message and 
operating said computer based sanitization tool for transmission of said second 
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sanitized message to said third external system, (column 4, lines 20-67 and 
column 5, lines 1-34). 

Regarding Claim 5, 24 

Fahlman teaches a method, wherein said step of using comprises 
receiving a text only message, (column 4 lines 22-24). 

Regarding Claim 6 

Fahlman teaches a method, wherein said first message includes a 
graphics portion and said step of first operating comprises protecting sensitive 
information within said graphics portion such that said sensitive information is not 
useable by said second external system. (column4 lines 22-26, 47-53). 

Regarding Claim 7 

Fahlman teaches a method, wherein said step of first operating comprises 
parsing said first message into a number of tokens and separately analyzing 
each token for said sensitive information, (column 4, lines 37-45). 
Regarding Claim 8 

Fahlman teaches a method, wherein said step of first operating comprises 
recursively parsing said first message to provide tokens of progressively smaller 
content until a desired parsing resolution is achieved and separately analyzing 
each token of said desired parsing resolution for said sensitive information, 
(column 4, lines 46-60). 
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Regarding claim 9 

Fahlman teaches a method, wherein said step of second operating 
comprises identifying a first format associated with said second external system 
and converting said first sanitized message into said first format. (column4, lines 
64-65). 



Regarding claim 10 and 28 

Fahlman teaches a method (apparatus), wherein said step of second 
operating comprises identifying a first format associated with said second 
external system, accessing storage including multiple specifications relating to 
multiple formats, retrieving from said storage first specification information for 
said first format and converting said first sanitized message into said first format 
using said first specification information, (column 4, lines 64,65 and column 3, 
lines 56-60). 

Regarding claim 11 

Fahlman teaches a method, further comprising the steps of generating a 
second sanitized message, the same or different than the first sanitized 
message, for transmission to a third external system, where said second external 
system is associated with a first format and said third external system is 
associated with a second format, first converting said, first sanitized message 
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into said first format and second converting said second sanitized message into 
said second format.(column4 , lines 20-65, column 5 lines 1-17). 

Regarding claim 12 

Fahlman teaches a method, further comprising the step of providing 
storage including first specification information for said first format and second 
specification information for said second format, where said step of first 
converting comprise accessing said storage to obtain said first specification 
information and said step of second converting comprises accessing said storage 
to obtain said second specification information, wherein said storage can be used 
to reconfigure said sanitization tool for transmission in multiple formats without 
re-compiling. (column 2, lines 43-56). 

Regarding claim 21 

Fahlman substantially teaches a method for use in a multi-level secure 
system for sanitizing a message, said multi-level secure system including at least 
first and second security levels wherein first security level users are authorized to 
receive sensitive information that second security level users are not authorized 
to receive, said method comprising the steps of: establishing a computer-based 
sanitization tool for sanitizing messages based on predefined sanitization rules; 
(column 4, lines 17-64 and column 5, lines 1-40) first operating said computer- 
based sanitization tool for receiving a message and recursively parsing the 
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message such that the message is parsed into tokens of a desired 
size;(column4, lines 38-53) second operating said computer-based sanitization 
tool for applying sanitization rules with respect to the parsed tokens to identify at 
least one dirty token relative to an identified recipient; and third operating said 
computer-based sanitization tool for sanitizing said message relative to said dirty 
token to generate a sanitized message for transmission to said identified 
recipient. [(Examiner interprets dirty token as standard token)(column 4, lines 27- 
46)]. 

Regarding claim 22 

Fahlman substantially teaches a method, wherein said step of second 
operating comprises identifying said at least one standard token based on a 
security level associated with said identified recipient and protecting said 
standard token such that said standard token is not useable by said identified 
recipient, (column 3, lines 27-67). 

Regarding claim 23 

Fahlman substantially teaches a method, wherein said 
step of second operating comprises accessing storage including multiple rule 
sets and using a parameter associated with said identified recipient to select said 
sanitization rules, (column 4, lines 37-67 and column 5, lines 1-20). 



Application/Control Number: 09/895,801 Page 9 

Art Unit: 2133 

Regarding claim 25 

Fahlman substantially teaches a method, wherein said 
message includes a graphics portion and said step of second operating 
comprises identifying said at least one standard token within said graphics 
portion, (column 4, lines 22-46). 

Regarding claim 26 

Fahlman substantially method, wherein said step of third operating 
comprises identifying a format associated with said identified recipient and 
converting said sanitized message into said format.(column4, lines 64-65). 

Regarding claim 29 

Fahlman teaches an apparatus as, wherein said sanitization engine is 
operative for identifying a potential recipient of said message and obtaining said 
at least one sanitization rule based on said intended recipient.(column 3, lines , 
27-67 and column 7, lines 7-10). 

Claim Rejections - 35 USC § 103 

6. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) patent may not be obtained though the invention is not identically disclose or described as set forth 
in section 102 of this title, if the differences between the subject nnatter sought to be patented and the 
prior art are such that the subject nnatter as a whole would have been obvious at the time the invention 
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was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

7. * Claims 13-20 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Scott E. Fahlman et al. (US Patent N0.5. 960,080). in view of Richard S. Lindman et 
al.(US Patent NO.4,882,752). 

Regarding Claim 13, 14, 15 

Fahlman teaches a method for use in a multi-level secure system for 
sanitizing a message, said multi-level secure system including at least first and 
second security levels wherein first security level users are authorized to receive 
sensitive information that second security level users are not authorized to 
receive, said method comprising the steps of: establishing a computer-based 
sanitization tool for sanitizing messages based on predefined sanitization 
rules;(column 4, lines 17-64, column 5, lines 1-40). first using said computer- 
based sanitization tool for receiving a message for potential distribution;(column 
4, lines 20-22). Third operating aid computer-based sanitization tool for sanitizing 
said received message to generate first sanitized message for transmission to 
said first potential recipient (column 4, lines 20-46) and fourth operating said 
computer-based sanitation tool for sanitizing said received message to generate 
a second sanitized message, different than the first sanitized message, for 
transmission to said second potential recipient, (colunnn 4, lines 20-67 and 
column5, lines 1-28). protecting first and second sensitive information such that 
first sensitive information is not useable by first potential recipient and second 
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sensitive information is not usable by second potential recipient.( column 4, lines 
46-53). Fahlman does not teach second operating said computer-based 
sanitization tool for identifying at least first and second potential recipients having 
first and second security clearances and identifying first and second sensitive 
information based on first and second security clearances andaccessing storage 
including multiple rule sets, using parameters associated with first and second 
security clearances to select a first rule set, second rule set. However Lindman 
discloses a method of different levels of security clearances (column 8, lines 65- 
68, column 9, lines 1-8 and column 10, lines 16-49) and identifying first and 
second sensitive information based on first and second security clearances, 
(column 8 lines 65-68, column9, lines 1-8 and column 10, lines 16-49). Accessing 
storage including multiple rule sets and using parameters associated with the first 
and second security clearances to select the first and second rule sets, (column 
8, lines65-68,column 9 lines land column 10, lines 16-24). Therefor it would 
have been obvious to person having ordinary skill in the art at the time the 
invention was made to modify the method disclosed by Fahlman to include the 
first and second security clearances for at least first and second potential 
recipient, identifying first and second sensitive information based on first and 
second security clearances and accessing storage including multiple rule sets, 
using parameters associated with first and second security clearances to select a 
first rule set and second rule set This modifications could have been obvious 
because person having ordinary skill in the art would have been motivated to do 
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so in order to provide several security levels to prevent access by unauthorized 
recipient and spread of private information outside of the trusted environment. 



Regarding Claim 16 

Fahlman teaches a meth, wherein said step of first using 
comprises receiving a text only message, (column 4. lines 22-24). 

Regarding claim 17 

Fahlman teaches a method, wherein said message includes a graphics 
portion and said step of third operating comprises protecting sensitive information 
within said graphics portion such that said sensitive information is not useable by 
said first recipient, (column 4, lines 22-26,47-53). 

Regarding Claim 18 

Fahlman teaches a method, wherein said step of third operating comprise 
parsing said message into a number of tokens and separately analyzing each token 
for sensitive information, (column 4, lines 37-45). 

Regarding claim 19 

Fahlman teaches a method, wherein said step of third operating 
comprises identifying a first format associated with said first potential recipient 
and converting said first sanitized message into said first format, and said step of 
fourth operating comprises identifying a second format associated with said 
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second potential recipient and converting said second sanitized message into 
said second format, (column 3, lines 56-60, column 4, lines 64-65 and column 5, 
lines 1-17). 

Regarding Claim 20 

Fahlman teaches a method, further comprising the step of providing 
storage including first specification information for said first format and second 
specification information for said second format, where said step of third 
operating comprises accessing said storage to obtain said first specification 
information and said step of fourth operating comprises accessing said storage to 
obtain said second specification information, wherein said storage can be used to 
reconfigure said sanitization tool for transmission in multiple formats without re- 
compiling. (column 2, lines 43-56). 

References Cited, Not Used 

8. The prior art made of record and not relied upon is considered pertinent to 

applicant's disclosure: 

1. U.S.Patent No.6,678,822 

This reference relates to a method for securely exposing information from 
a first data processing environment to a second data processing environment. 

2. U.S.Patent No. 5,872,847 

This reference teaches a method for establishing trusted communication 
with associations for communications between users on an Internet protocol 
based computer network. 
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3. U.S.Patent No. 6,304,973 

This reference relates a multi-level security system. 

Conclusion 

9. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Ali Abyaneh whose telephone number is (571) 
272-7961. The examiner can normally be reached on Monday-Friday from (8:00- 
5:00). If attempts to reach the examiner by telephone are unsuccessful, the 
examiner's supervisor, Albert Decady can be reached on (571)272-3819. The fax 
phone numbers for the organization where this application or proceeding is 
assigned as (703) 872-9306. Information regarding the status of an application 
may be obtained from the Patent Application Information Retrieval (PAIR) 
system. Status information for published applications may be obtained from 
either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about 
the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on 
access to the Private PAIR system, contact the Electronic Business Center 
(EBC) at 866-217-9197 (toll-free). 



Ali Abyaneh 
Patent Examiner 
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